From 1efb4cc03c167abc40a3a1bd77e06561ab61f555 Mon Sep 17 00:00:00 2001
From: hashiz
Date: Fri, 28 Feb 2014 11:28:07 +0900
Subject: [PATCH] * fix incorrect filter port in pf redirect.
---
 miniupnpd/pf/obsdrdr.c | 10 +++++-----
 miniupnpd/upnpredirect.c | 16 +++++++++++++++-
 2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/miniupnpd/pf/obsdrdr.c b/miniupnpd/pf/obsdrdr.c
index 04c2ddb..663cea3 100644
--- a/miniupnpd/pf/obsdrdr.c
+++ b/miniupnpd/pf/obsdrdr.c
@@ -374,7 +374,7 @@ add_filter_rule2(const char * ifname,
 #endif
 pcr.rule.dst.port_op = PF_OP_EQ;
- pcr.rule.dst.port[0] = htons(eport);
+ pcr.rule.dst.port[0] = htons(iport);
 pcr.rule.direction = PF_IN;
 pcr.rule.action = PF_PASS;
 pcr.rule.af = AF_INET;
@@ -408,7 +408,7 @@ add_filter_rule2(const char * ifname,
 pcr.rule.src.addr.v.a.mask.v4.s_addr = htonl(INADDR_NONE);
 }
 #ifndef PF_NEWSTYLE
- pcr.rule.rpool.proxy_port[0] = eport;
+ pcr.rule.rpool.proxy_port[0] = iport;
 a = calloc(1, sizeof(struct pf_pooladdr));
 inet_pton(AF_INET, iaddr, &a->addr.v.a.addr.v4.s_addr);
 a->addr.v.a.mask.v4.s_addr = htonl(INADDR_NONE);
@@ -636,10 +636,10 @@ error:
 }
 int
-delete_filter_rule(const char * ifname, unsigned short eport, int proto)
+delete_filter_rule(const char * ifname, unsigned short iport, int proto)
 {
 #ifndef PF_ENABLE_FILTER_RULES
- UNUSED(ifname); UNUSED(eport); UNUSED(proto);
+ UNUSED(ifname); UNUSED(iport); UNUSED(proto);
 return 0;
 #else
 int i, n;
@@ -665,7 +665,7 @@ delete_filter_rule(const char * ifname, unsigned short eport, int proto)
 syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
 goto error;
 }
- if( (eport == ntohs(pr.rule.dst.port[0]))
+ if( (iport == ntohs(pr.rule.dst.port[0]))
 && (pr.rule.proto == proto) )
 {
 pr.action = PF_CHANGE_GET_TICKET;
diff --git a/miniupnpd/upnpredirect.c b/miniupnpd/upnpredirect.c
index 7b398ec..1e03b93 100644
--- a/miniupnpd/upnpredirect.c
+++ b/miniupnpd/upnpredirect.c
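Review bot: The `@@ -636,10 +636,10 @@` hunk in miniupnpd/pf/obsdrdr.c changes what `delete_filter_rule` expects from its callers, yet nothing in the code documents that the second argument is now the internal port. The diffstat lists only obsdrdr.c and upnpredirect.c, so the header prototype and any other call site may still say `eport`. A caller that keeps passing the external port would compile cleanly and fail to remove the pass rule, leaving the internal port reachable after the mapping is gone. I would add `/* iport: internal (destination) port of the pass rule, not the external port */` above the definition and update the declaration to match. The function body continues outside this hunk.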
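Review bot: In the `@@ -665,7 +665,7 @@` hunk of miniupnpd/pf/obsdrdr.c the rule to delete is now selected by `iport` and `proto` alone, and unlike an external port an internal port is not unique per protocol: two mappings to different LAN hosts can share it. Removing one mapping can then delete the other host's pass rule and leave the stale one behind, so a port stays open after its mapping is removed. If the filter rule records the internal address, the condition should compare that too, which means passing `iaddr` down from `_upnp_delete_redir`. The enclosing loop starts and ends outside the hunk, so any later check is not visible here.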
@@ -420,8 +420,22 @@ _upnp_delete_redir(unsigned short eport, int proto)
 #if defined(__linux__)
 r = delete_redirect_and_filter_rules(eport, proto);
 #else
+ char iaddr[INET6_ADDRSTRLEN];
+ unsigned short iport;
+ char desc[64];
+ char rhost[64];
+ unsigned int timestamp;
+ u_int64_t packets;
+ u_int64_t bytes;
+ int r2 = get_redirect_rule(ext_if_name, eport, proto,
+ &iaddr, sizeof(iaddr), &iport,
+ &desc, sizeof(desc),
+ &rhost, sizeof(rhost),
+ ×tamp,
+ &packets, &bytes);
 r = delete_redirect_rule(ext_if_name, eport, proto);
- delete_filter_rule(ext_if_name, eport, proto);
+ if (r2==0)
+ delete_filter_rule(ext_if_name, iport, proto);
 #endif
 #ifdef ENABLE_LEASEFILE
 lease_file_remove( eport, proto);
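Review bot: The three buffers are passed to `get_redirect_rule` as `&iaddr`, `&desc` and `&rhost`, which are pointers to whole arrays rather than `char *`. The prototype is not in this hunk, but if it takes `char *` the arguments should read `iaddr, sizeof(iaddr), &iport,`, `desc, sizeof(desc),` and `rhost, sizeof(rhost),`. Separately, when `r2` is non-zero the pass rule is skipped silently. A `syslog(LOG_WARNING, ...)` on that branch would make a leftover filter rule visible to whoever audits the firewall state. `_upnp_delete_redir` begins and ends outside the hunk.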